Security News > 2024 > July > Massive SMS stealer campaign infects Android devices in 113 countries
A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords for over 600 services.
The SMS stealer is distributed either through malvertising or Telegram bots that automate communications with the victim.
On Telegram, the bots promise to give the user a pirated application for the Android platform, asking for their phone number before they share the APK file.
Zimperium says the operation uses 2,600 Telegram bots to promote various Android APKs, which are controlled by 13 command and control servers.
The requested Android SMS access permissions allow the malware to capture the OTPs required for account registrations and two-factor authentication.
New Medusa malware variants target Android users in seven countries.